GNU bug report logs - #55666
enhancement request - SHA-256 for emacs downloads

Previous Next

Full log

Message #15 received at 55666 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 55666 <at> debbugs.gnu.org, shishini <at> outlook.com
Subject: Re: bug#55666: enhancement request - SHA-256 for emacs downloads
Date: Fri, 27 May 2022 15:28:32 +0300

> Cc: 55666 <at> debbugs.gnu.org
> From: Lars Ingebrigtsen <larsi <at> gnus.org>
> Date: Fri, 27 May 2022 12:59:25 +0200
> 
> Ali Elshishini <shishini <at> outlook.com> writes:
> 
> > May you please include a list of SHA-256 hashes for the downloads in 
> > https://www.gnu.org/software/emacs/download.html
> >
> > This will provide an easy and secure way to verify downloads
> > Please note that the experience to verify the signature on windows is very poor
> > and it for me at least ended up with the file nor being verified because of missing
> > public key 
> >
> > A SHA-256 hash will be a simple solution
> 
> That would require people to edit that web page every time they generate
> a package, which would be error prone and require too much work of the
> people who build the packages.
> 
> The packages are signed, which I think should be more than sufficient,
> so I'm closing this bug report.

In addition, one can find the SHA values in the announcements made on
info-gnu-emacs.  Here's the one about Emacs 28.1:

  https://lists.gnu.org/archive/html/info-gnu-emacs/2022-04/msg00000.html

You can similarly search for announcements of the older releases.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.